Mike Howard mike at
Mon Jun 4 01:44:56 MDT 2012

On 04/06/2012 00:43, Andrew Bartlett wrote:
> On Sun, 2012-06-03 at 17:01 +0100, Mike Howard wrote:
>> On 03/06/2012 11:15, Andrew Bartlett wrote:
>>> On Sun, 2012-06-03 at 09:59 +0100, Mike Howard wrote:
>>>> I have had samba4 (Version 4.0.0alpha21-GIT-073666e) up and running as
>>>> the PDC on my network, currently with BIND9_DLZ and Bind9.9, working
>>>> well for a little while.
>>>> For redundancy, I'd like to add a Samba 4 BDC, also BIND9_DLZ with
>>>> Bind9.9. To this end I grabbed the latest from git (Version
>>>> 4.0.0alpha22-GIT-29a51a2) and installed it, however there is not a lot
>>>> (any?) info out there on how things should be done _properly_ from a
>>>> configuration point of view, i.e. on the BDC is there a smb.conf or not,
>>>> how is the krb5.conf configured, how is /etc/resolv.conf configured?
>>>> Anyway, I can join the BDC to the domain with;
>>> ...
>>>> Joined domain MYDOMAIN (SID S-1-5-21-2874647136-1364824720-2698236840)
>>>> as a DC
>>>> The process of joining the BDC to the domain seems to shut down bind on
>>>> the PDC and neither '/usr/local/samba/private/named.conf' nor
>>>> '/usr/local/samba/private/dns/' are created on the BDC.
>>>> I can (and did) add the following to my 'named.conf.local'.
>>>> dlz "AD DNS Zone" {
>>>>        # For BIND 9.9.0
>>>>            database "dlopen /usr/local/samba/lib/bind9/";
>>>> };
>>>> but bind will not restart as '/usr/local/samba/private/dns/' and its
>>>> contents are missing.
>>>> Can anybody give me some pointers or point me at any info that will help
>>>> with the correct configuration?
>>> See the other posts on this list about ensuring the DNS partitions are
>>> replicated, then run samba_upgradedns to populate the DNS directory for
>>> the second DC.
>>> There is a fair bit of info in the list archives on this.  Hopefully we
>>> can make this more automatic in the future.
>>> Andrew Bartlett
>> Hi,
>> Sorry, I obviously need to improve my search techniques. Thanks for the
>> pointers.
>> Sadly, none of them worked but not to worry, it is after all only alpha
>> software.
> If you could please work with us to understand what failed, and if it is
> any different to the failure modes already described, it would be very
> helpful.  This will soon be 'beta' software, and the best way to make it
> 'release software' is to understand these issues.
The failures appeared to be exactly the same as those already mentioned 
in the threads you pointed me to.

I think one of the problems is that there is no clear configuration 
documentation regarding BDCs so when working through the problem I have 
no idea if my setup is correct to start with. By setup I mean the basic 
things the smb.conf, resolv.conf krb5.conf, so I make assumptions, maybe 
incorrect assumptions.

Up to this point I have used a krb5.conf that I would use on a client 
and I'm able to kinit. At the time of the join I have used no smb.conf 
and I have also tried with an smb.conf (matching the PDC one apart from 
netbios name and with preferred master = no).

I have followed the recommendation to stop and restart samba, 
successfully ran 'ldbsearch -H /usr/local/samba/private/sam.ldb -b 
"DC=mydomain,DC=co,DC=uk" "(objectClass=dnsZone)"' but still 
'samba_upgradedns' always fails to create the dns folder and friends. I 
have gone through this process at least a dozen times in the last two 
days alone.

I'll start again today and report all steps and outputs up to the point 
of failure. I know there are others (thread Re: redundant DNS setup with 
bind_dlz possible ?) who are trying to get a similar setup so maybe we 
can get there in the end.

Btw, I did try without a samba DNS backend but, as you implied, it was 
not good.


Any question is easy if you know the answer!
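The ldbsearch step in the message above only tells you that some dnsZone objects exist; what samba_upgradedns needs is that both DNS application partitions have actually replicated to the new DC. The script below is an added example, not code from the thread or from Samba: it parses the LDIF that ldbsearch prints (handling LDIF line folding and base64 DNs), groups the zone objects by partition, and says whether both partitions are present. It assumes the standard AD layout, in which zones live under CN=MicrosoftDNS in the DomainDnsZones and ForestDnsZones partitions; the LDIF embedded in it is constructed sample data, and in practice you would pipe the real ldbsearch output into it.

```python
"""Check ldbsearch LDIF output for replicated DNS application partitions.

Added example (not part of the original mail or of Samba). Pipe in the
output of the search from the thread, e.g.

  ldbsearch -H /usr/local/samba/private/sam.ldb \
      -b "DC=mydomain,DC=co,DC=uk" "(objectClass=dnsZone)" dn | python3 check_dns_zones.py

Assumption: zones sit under CN=MicrosoftDNS in the DomainDnsZones and
ForestDnsZones partitions (the default AD layout).
"""
import base64
import re
import sys

# Constructed sample: both partitions replicated, one zone in each.
SAMPLE_LDIF = """# record 1
dn: DC=mydomain.co.uk,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=co,DC=uk
objectClass: dnsZone

# record 2
dn: DC=_msdcs.mydomain.co.uk,CN=MicrosoftDNS,DC=ForestDnsZones,DC=mydomain,DC=co,DC=uk
objectClass: dnsZone

# returned 2 records
# 2 entries
# 0 referrals
"""

# Constructed sample: only the domain partition has arrived so far.
SAMPLE_LDIF_PARTIAL = """# record 1
dn: DC=mydomain.co.uk,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=co,DC=uk
objectClass: dnsZone

# returned 1 records
"""

PARTITION_RE = re.compile(r"CN=MicrosoftDNS,DC=(DomainDnsZones|ForestDnsZones),", re.I)
CANONICAL = {"domaindnszones": "DomainDnsZones", "forestdnszones": "ForestDnsZones"}


def parse_dns(ldif: str) -> list:
    """Return the DN of every entry in the LDIF text.

    LDIF folds long attribute values onto continuation lines that start with a
    single space, and writes non-ASCII values as 'dn:: <base64>'; both forms
    are unfolded/decoded here. Lines starting with '#' are comments.
    """
    unfolded = []
    for line in ldif.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    dns = []
    for line in unfolded:
        if line.startswith("dn:: "):
            dns.append(base64.b64decode(line[5:].strip()).decode("utf-8"))
        elif line.startswith("dn: "):
            dns.append(line[4:].strip())
    return dns


def partition_of(dn: str) -> str:
    """Name the DNS application partition a zone DN belongs to, or 'other'."""
    match = PARTITION_RE.search(dn)
    if not match:
        return "other"
    return CANONICAL[match.group(1).lower()]


def zones_by_partition(ldif: str) -> dict:
    """Count dnsZone entries per partition from ldbsearch LDIF output."""
    counts = {"DomainDnsZones": 0, "ForestDnsZones": 0, "other": 0}
    for dn in parse_dns(ldif):
        counts[partition_of(dn)] += 1
    return counts


def replication_ok(ldif: str) -> bool:
    """True only when both partitions contributed at least one zone object."""
    counts = zones_by_partition(ldif)
    return counts["DomainDnsZones"] > 0 and counts["ForestDnsZones"] > 0


if __name__ == "__main__":
    # Read real ldbsearch output from a pipe; fall back to the sample otherwise.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LDIF
    for name, n in zones_by_partition(text).items():
        print(f"{name}: {n} zone object(s)")
    print("both DNS partitions present" if replication_ok(text)
          else "a DNS partition is missing; wait for replication before samba_upgradedns")
```

If the report shows zero objects for either partition, the join has not yet pulled that partition across and running samba_upgradedns at that point will not find anything to write into the dns directory; re-run the check after the DC has had time to replicate rather than repeating the upgrade step.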

